Debian Package Tracker

From: Joost van Baal-Ilić <joostvb@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted moodle 2.7.5+dfsg-3 (source all) into unstable
Date: Mon, 09 Mar 2015 12:04:35 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 09 Mar 2015 12:56:41 +0100
Source: moodle
Binary: moodle
Architecture: source all
Version: 2.7.5+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <pkg-moodle-maintainers@lists.alioth.debian.org>
Changed-By: Joost van Baal-Ilić <joostvb@debian.org>
Description:
 moodle     - course management system for online learning
Closes: 775842
Changes:
 moodle (2.7.5+dfsg-3) unstable; urgency=high
 .
   * debian/README.Debian: add authors and dates, in order to make status more
     clear.
   * debian/watch: (trying to) get it working again, with revamped moodle.org website.
   * debian/changelog: add even more CVE-numbers to entry 2.7.5+dfsg-1.
   * For the record, https://security-tracker.debian.org/tracker/CVE-2013-3630
     will not get fixed: it's not a bug: the attack can only get launched by an
     administrator, and administrators need to be trusted.  See also Debian
     bug #775842.
   * Fix CVE-2014-4172 and CVE-2014-2054:
     - debian/rules, debian/control: don't use CAS client library as shipped with
       moodle (unchanged phpCAS 1.3.3, see upstream auth/cas/CAS/moodle_readme.txt)
       but php-cas as shipped with Debian (1.3.3-1 and 1.3.1-4+deb7u1); create
       symlinks /u/s/m/auth/cas/CAS/CAS.php -> /usr/share/php/CAS.php
       and /u/s/m/auth/cas/CAS/CAS -> /usr/share/php/CAS/.  This fixes CVE-2014-4172.
     - debian/rules: remove /u/s/m/lib/phpexcel from binary package.  Remove
       lib/phpexcel/PHPExcel/Shared/OLE* from upstream sources.  This fixes both a
       license problem and a security problem: Although the PHP license is generally
       agreed to be DFSG-free, using it as a license on anything that isn't PHP
       itself makes the result non-free.  PHP OLE is licensed under the PHP license.
       Older versions of PHP Excel, such as the one shipped with moodle, suffer from
       security problem CVE-2014-2054.  See also Debian Bug #718585 "RFP: php-excel".
     This closed Debian bug "Multiple security issues"; thanks Moritz Muehlenhoff,
     Thijs Kinkhorst and Hubert Chathi (Closes: #775842)
Checksums-Sha1:
 b687c53a12b6c0648581d2bfa41974dfa8e143ae 1718 moodle_2.7.5+dfsg-3.dsc
 97f9d17e07f7279060b8de5676be58f8e3c18fc9 72217992 moodle_2.7.5+dfsg-3.debian.tar.xz
 4b28b782848f22f748eb6234c8cb4354b19e5848 15314338 moodle_2.7.5+dfsg-3_all.deb
Checksums-Sha256:
 99f4a035f05bfde496a73dda7fd30c1dbf9e3ed200bc2306e991592d92800504 1718 moodle_2.7.5+dfsg-3.dsc
 fc5f4efddc16e7b5a5af5741b344ed6258500ea50e689e16cf367a9bb5dbf861 72217992 moodle_2.7.5+dfsg-3.debian.tar.xz
 98302d577a63889cdbf27e861b326ffb30c9be7f7a08c9382bac4941506176b1 15314338 moodle_2.7.5+dfsg-3_all.deb
Files:
 be7b841d7655a2abd63008859f7d7e80 1718 web optional moodle_2.7.5+dfsg-3.dsc
 631feb5c9f088fc68027e15e24c315ea 72217992 web optional moodle_2.7.5+dfsg-3.debian.tar.xz
 d22ab17eacf0feeef2667cc634a24009 15314338 web optional moodle_2.7.5+dfsg-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJU/YtFAAoJEDNRenKl5rDIHCAH/A7HxMN3CgCoIjUzjLMqXybY
OhWPXUrsqd3NQgzmdAI3li23lIrqOK9VXCtwFkU0zrWV9thVsO452fWT3/4q8qg/
8035s9tk+iScmdhNdn/0HEFUPZeNFp14eMXVWoXh3mnJGsO3zDhC62Pv0fCuY9Jf
2dRQKWt0b7LRvgYHNHMN5twxxqLfeMQtFRpnNJiDFnNJWyWPvmapxEqvlCerDx6q
AUQ8vB32//40Tmr4jEC2Yas6QC5psL/sPhyOcuOSxuPMUi4+STycr6RQsnisCqiX
SytUT97rQZ2k35SI2pzTozrTdBbuAIXDjZ0sStpo93faFIG3m4eFo3URQwa0Ccc=
=VAex
-----END PGP SIGNATURE-----
News for package moodle
